Malware infection of computers and computer systems is a growing problem. Recently there have been many high profile examples where computer malware has spread rapidly around the world causing many millions of pounds worth of damage in terms of lost data and lost working time.
Malware is often spread using a computer virus. Early viruses were spread by the copying of infected electronic files onto floppy disks, and the transfer of the electronic file from the disk onto a previously uninfected computer. When the user tries to open the infected electronic file, the malware is triggered and the computer infected. More recently, viruses have been spread via the Internet, for example using e-mail. In the future it can be expected that viruses will be spread by the wireless transmission of data, for example by communications between mobile communication devices using a cellular telephone network.
Various anti-virus applications are available on the market today. These tend to work by maintaining a database of signatures or fingerprints for known viruses and malware. With a “real time” scanning application, when a user tries to perform an operation on a file, e.g. open, save, or copy, the request is redirected to the anti-virus application. If the application has no existing record of the electronic file, the electronic file is scanned for known virus or malware signatures. If a virus or malware is identified in a file, the anti-virus application reports this to the user, for example by displaying a message in a pop-up window. The anti-virus application may then add the identity of the infected file to a register of infected files.
As more viruses and malware are identified, anti-virus databases become larger. Furthermore, scanning and processing times become longer. In some computer system environments, file storage and processing are limited resources, and the anti-virus application and database should consume as few resources as possible. This is particularly important in devices such as mobile telephones which have limited memory and processing capabilities. Some mobile telephones use the Symbian™ operating system. The database for known Symbian viruses is currently around 500 kilobytes. A mobile telephone anti-virus database is typically updated wirelessly, and so transferring the database consumes a large amount of bandwidth and takes some time. This can be inconvenient and expensive for the mobile telephone user. Furthermore, the amount of memory available on mobile telephones is often limited, so storing the anti-virus database can have a detrimental impact on the user's experience, as they may prefer to use the storage for other types of file. A further problem is that the limited processing resources of a mobile telephone can be used by the anti-virus application to the detriment of other applications on the mobile telephone.